TY - JOUR
T1 - Bambda: A Framework for Preventing Function Invocation Condition-Based Attacks in Serverless Environments
AU - Hee, Shin Chang
AU - Soo, Lee Seung
JO - The Transactions of the Korea Information Processing Society
PY - 2025
DA - 2025/1/30
DO - https://doi.org/10.3745/TKIPS.2025.14.4.215
KW - Serverless
KW - Cloud Computing
KW - Function Invocation Condition-Based Attacks
AB - Serverless computing is rapidly emerging as a new paradigm in cloud computing, offering automatic scalability, cost efficiency, and ease of operation. However, its two core characteristics—IAM-based privilege management and event-driven execution—can introduce security vulnerabilities. In particular, complex inter-functional call relationships make serverless applications susceptible to attacks such as privilege bypass and event trigger exploitation. Existing approaches, including static analysis and data tagging, have limitations in real-time threat response and developer productivity in dynamic serverless environments. In this paper, we propose Bambda, a dynamic security framework tailored for serverless environments. Bambda performs real-time function call verification through centralized logging and automated code injection using AWS CloudWatch. By implementing a multi-step verification process that distinguishes between direct and event-driven calls, Bambda effectively prevents bypass attacks without requiring additional security configurations from developers. Experiments in AWS Lambda environments validate its effectiveness in defending against privilege escalation and chained function call attacks while maintaining practical performance overhead.